WO1999040503A1 - Market data enterprise an domain system implemented by master entitlement processor - Google Patents

Market data enterprise an domain system implemented by master entitlement processor Download PDF

Info

Publication number
WO1999040503A1
WO1999040503A1 PCT/US1999/002797 US9902797W WO9940503A1 WO 1999040503 A1 WO1999040503 A1 WO 1999040503A1 US 9902797 W US9902797 W US 9902797W WO 9940503 A1 WO9940503 A1 WO 9940503A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
mep
domain
computer system
server
Prior art date
Application number
PCT/US1999/002797
Other languages
French (fr)
Inventor
Robert Shallenberger
Behzad Zamanzadeh
Mohsen Farry
Harish Malhotra
Original Assignee
Reuters, Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Reuters, Ltd. filed Critical Reuters, Ltd.
Priority to AU26666/99A priority Critical patent/AU2666699A/en
Publication of WO1999040503A1 publication Critical patent/WO1999040503A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99939Privileged access
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99941Database schema or data structure
    • Y10S707/99944Object-oriented database structure
    • Y10S707/99945Object-oriented database structure processing

Definitions

  • This invention relates generally to computer systems having a master
  • entitlement processor for storage and maintenance of a dynamic database of user
  • this invention relates to computer systems which
  • processors and a user computer system.
  • master entitlement processor stores user information, such as user ID numbers, user
  • servers and associated user workstations when the user computer system
  • MEP causes the applications to be controlled in a predetermined manner appropriate
  • the specific user based on the user information. For example, if the user password
  • the user information can be changed in the MEP through dedicated management information system (MIS) workstations, but not through the user
  • MIS management information system
  • the user information will not include the identity of the user information
  • the user's designated server may receive from the
  • MEP and store the user's user information in memory or on a magnetic disk.
  • this invention to store user permission data in a compact form which can easily adapt to changes in the permission scheme. It is a further object of the invention to provide
  • user permission information is stored in a table-driven format which is
  • domains sets, referred to as domains.
  • the permission scheme does not have to be hard-coded into the user computer system.
  • processor system includes an MEP, a user computer system (UCS), and
  • the MEP has code for storing a database of user information, and for
  • the UCS has code for supporting at least one application, for
  • a computer system includes a
  • first computer for example, an MEP computer
  • second computer for example, a
  • the first computer stores a table-
  • each bit represents the status of a specific permission for a user.
  • an enterprise computer According to a third aspect of the present invention, an enterprise computer
  • the system includes a first domain, a second domain and a user computer.
  • the first domain includes a first domain, a second domain and a user computer.
  • the domain includes a plurality of first-domain server computers.
  • the second domain includes a plurality of first-domain server computers.
  • the domain structure can be used to maintain the users server access in a controlled, yet flexible, manner, because a particular user may be preferably directed to a particular domain (that is, set of
  • Fig. 1 is a block diagram of an embodiment of a master entitlement processor
  • Fig. 2 is a block diagram of a user workstation portion of Fig. 1;
  • Fig. 3 is a block diagram of a market data server portion of Fig. 1;
  • Fig. 4 is a table of access permission lists which is stored in the Fig. 1 system;
  • Fig. 5 is a dynamic table for expanding access permission lists which is stored
  • Fig. 6 is a flowchart showing a login process for user login to the master
  • Fig. 7 is a block diagram showing the user computer system (UCS) portion of
  • Fig. 8 is a block diagram showing the user computer system (UCS) portion of the embodiment of Fig. 1 after a domain- wide failure condition occurs in one of the
  • the present invention is
  • An MEP may be used in conjunction with a user computer system through
  • the user computer may communicate public networks (for example, the Internet) or private networks.
  • public networks for example, the Internet
  • private networks for example, the Internet
  • market data application which is used to deliver financial information, such as
  • the user computer system will generally include many
  • the user workstations generally run the -7-
  • market data applications with support from a market data server in the areas of user information (for example, user password verification) and provision of substantive
  • the market data server collects financial information from various financial exchanges and delivers it to the user workstation as appropriate based on the
  • the enterprise consists of
  • a market data enterprise is
  • a user can get market data services from any workstation using a valid
  • workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • a user workstation is not limited to stationary computers.
  • PC personal computer
  • a domain is a set of cooperating market data servers. All of the market data
  • failure conditions such as failure of external services, distribution network component
  • Loadbalancing within a domain can be static or dynamic. Loadbalancing across
  • Static Loadbalancing is preferably based on a user
  • the user configuration table allows multiple servers to be defined for each user. These servers are defined in priority order.
  • the first server is the user's primary server which also identifies the primary domain.
  • the remaining servers may
  • Servers and workstations in a domain can be scattered over local and remote LAN segments.
  • enterprise 100 includes user computer system 101 and master entitlement processor set 102.
  • UCS 101 allows users
  • the master entitlement processor set 102 keeps track of various parameters
  • user computer system (UCS) 101 includes first domain 135,
  • a market data computer system will include market data servers and market data distribution systems (such as POP-CONC and
  • Each domain is a set of at least two market data servers (MDS).
  • Domain 135 is
  • Domain 135 has two market
  • MDSl 140 data servers
  • MDS2 142 data servers
  • the MDS's may be, for example, a model
  • MDSl 140 and MDS2 142 can communicate with
  • brokers use the branch office facilities and cause increased load on the domain 135.
  • master entitlement processor set 102 can help provide
  • User workstations 145, 146, 147, 148 may be, for example, desktop or laptop
  • Pentium a trademark of INTEL Corporation
  • NT4 compatible network cards They can be connected as shown to MDS's 140, 142 by
  • UW1 145 and UW3 147 are logged into MDSl 140, and UW2 146 and UW4 148 are logged into MDS2 142.
  • the second domain 137 also includes two MDS's, MDS3 143 and MDS4 144.
  • the second domain in this preferred embodiment is a central server farm. No user
  • MDS3 and MDS4 of the central server farm domain 137 communicate with each other, with the master entitlement processor set 102 and with various sources of market data through XRC2 cloud 138 and network
  • Master entitlement processor set includes MEP1 103, MEP2 132, MEP3 134,
  • MIS PCI management information system personal computer
  • MIS PC2 128 management information system personal computer
  • 102 is often used to store user information for more than one enterprise, although
  • the MEP's will prevent users from one enterprise from utilizing the system
  • resources such as servers belonging to other enterprises.
  • the three MEP's are largely to provide for redundancy in case one or more of the
  • MEP's 103, 132, 134 may be constructed as, for
  • MEP's 103, 132, 134 is strategically located to provide 24-hour operation in the event of
  • MEPl 103 will be described in detail with reference to Fig. 1.
  • MEP1 103
  • MEP database 122 which stores up-to-date user information for all of the users in the enterprise. As described below, the nine daemons allow modifications to MEP database
  • the permitted MEP database 122 modifications are limited to modifications of user password and current user login status and location.
  • the assignment of user ID's and permissions may have consequences with
  • Daemon MEP ROUTED 104 communicates between other daemons and the MDS's of
  • MEP_ROUTED accepts connections from all user sets that use an
  • MEP ROUTED 104 routes all packets between MDS's and the MEP daemons
  • Mep_hostd Handles all MEP initiated transactions between MEP and the MDS. Such transactions
  • Throttles jobs in the queue to insure that limits per site and per MEP system are not
  • This daemon synchs up the time on the current MEP to the time on the Master MEP
  • mep_cfgmgrd went down (in regards to Arius, this application only initially authenticates the user for the Arius II windows application).
  • MEP 103 (which can receive instructions to modify certain user
  • MDSl components of MDSl are MEP agent 156 (including a local cache 157), RP server 158
  • MEP agent API 159 (including MEP agent API 159), MDS application 160 (including MEP agent API 161),
  • alert server 162 service map table 166, local cache disk image 168, and FIS daemon
  • the MEP agent 156 resides on MDSl 140 and handles simultaneous two-way
  • user information such as the updated location of an MDS where the user
  • MEP 103 is logged in, or an updated user password, may be sent from MEP 103 to MDS 140 as
  • database modification instructions to modify a user password may be sent
  • MEP agent 156 from MEP agent 156 to MEP's 103, 132, 134 as part of a conversation wherein user
  • the MEP agent preferably employs message based programming so that only changed data is delivered to MDSl 140.
  • the messages are transferred between MEP agent 156 and MEP's 103, 132, 134 in the form of financial information services (FIS)
  • FIS packets are 127 bytes long, and are preferably utilized in this
  • MEP agent 156 stores some user information, such as encrypted user passwords
  • Local cache 157 is part of a shared memory. To make sure the user information in local cache 157 is reliably available, it is
  • local cache 157 contains a dynamic
  • Local cache 157 further contains some server configuration information pertaining
  • local cache 157 is loaded from the disk images 166, 168.
  • MDSl 140 does not have to request user
  • MEP agent 156 Another important function of MEP agent 156 is a throttling function, whereby
  • processor set 102 is limited. As discussed below, dynamic loadbalancing between MDS's in a domain is also preferably employed to help prevent overburdening any single MDS with too many simultaneous conversations. MEP agent 156 notifies the alert server 162 and the FIS daemon 178, when access permission information is
  • the MEP agent also logs communication activity and any errors to a log file.
  • MDS applications 160 are utilized by MDS applications 160.
  • the MDS applications 160 may
  • MDSl 140 include a market data application which is accessed by users logged into MDSl 140 to receive current financial information from various financial exchanges.
  • MDS applications 160 include an MEP agent application program interface
  • API 161 for communicating between MEP agent 156 and the MDS applications 160.
  • MEP agent API 161 provides
  • MEP agent API 161 expands a binary, table-driven access
  • Fig. 4 shows access permission lists 201 for all users of the domain 135 stored in a tabular format in local cache 157. Identical access permission lists 201 are also stored on MDS2 142 (the other MDS in branch office domain 135) and on each of the MEP's 103, 132, 134. Of course, when there is a change to these permission lists, updates
  • the access permission lists 201 are preferably not stored in MDS3 143 and MDS
  • branch office domain 135 would not generally be logged into these other domains.
  • the exemplary access permission lists of Fig. 4 are access permission lists for
  • access permission lists 201 can easily be changed because they are in a binary format in the form of a table-driven list. For example, if the
  • the access permission lists can be
  • bits can be accordingly added to access permission lists 201. This compact,
  • MEP agent API 161 is programmed to
  • Dynamic table 203 is stored in local cache 157, and is also preferably stored at
  • the dynamic table maps each bit position of the access -20-
  • the exemplary dynamic table 203 has five fields of expansion information for each of the four bit positions BIT 1 to BIT 4.
  • the five fields are : (1) hard code (numeric), (2) hard code (alphanumeric), (3) service name, (4) service grouping, and (5) long name.
  • this example refers to access to a particular financial exchange. However, access
  • permission lists may have bit positions corresponding to other types of features, such as
  • MDS application 160 will be able to determine which types of
  • UWl also includes input
  • permission lists can be sent through the system very quickly, and thereby help keep all
  • access permission lists 201 and dynamic table 203 can be modified through an MDS or a user
  • access permission list 201 allows the window 197 for displaying New York Stock
  • MEP's 103, 132, 134 comes into MDS 140 through FIS incoming
  • FIS daemon 178 decodes the incoming user information -22-
  • MEP agent 156 receives from FIS format, and sends it to MEP agent 156 via MEP agent socket 174.
  • Outgoing user information from MEP agent 156 such as MEP database modification commands,
  • RP server 158 controls user login and passes permissions to workstations.
  • RP server 158 can receive user information from local cache 157 or from MEP 103 via MEP agent 156 and API socket 164.
  • Fig. 6 is a flowchart of login process 200 which
  • workstation operations 201 generally includes workstation operations 201, market data server operations 202 and
  • step SI a user desiring to login to the system 101 to run
  • the market data applications 160 enters her unique user ID (for example, user number)
  • the user workstation connects to an MDS, and sends the login
  • MDS queries the user information stored within the local cache of the MDS (for
  • local cache 157 For example, local cache 157.
  • the API determines whether the
  • user ID is in the local cache.
  • user information for each user is maintained in
  • each server of the user's designated primary domain If the user is a designated user of
  • the user information for the roamer may be obtained by any server in the system
  • step S4 determines that the user ID is in the local cache, processing
  • step S4 determines that the user ID is not in the local cache
  • a request of user ID and password relating to the user is sent to and received by one of the MEP's in the system.
  • the MEP will have complete user information in its MEP database, and the necessary user information will be sent back to the requesting MDS.
  • step S6 the user password can now be validated in the MDS (in light of user
  • step S7 the user's access permission list is requested from the local cache. If
  • this information is sent to and received by the MEP at step S8.
  • the MEP the MEP
  • step S9 domain validation locking is performed to ensure that the user can log into the domain only once.
  • step S10 the access permission list is expanded by the dynamic table (as explained above) and login is granted in accordance with the user's
  • Notification of login is sent to the MEP at step SI 1 which keeps track of this information for user tracking and user login purposes. It is noted that the two-way
  • Notification of the login and expanded permission information is also sent back to the user workstation at step S12.
  • the user workstation software can directly utilize
  • the present invention allows users to be logged into more than one
  • MDS within a domain, and also (depending on system design) allow a user to log into
  • the present invention facilitates quick, enterprise-wide user locking.
  • Static loadbalancing may be used to distribute users among the different domains
  • the user information for a user will set priority rules with respect to which
  • user information may specify that the user (1) will preferably be logged into one of the MDS's 140, 142 of branch office domain 135, (2) will be logged into one of the MDS's 143, 144 as a secondary preference (for example, if there is
  • Static loadbalancing may also be used to distribute users among the different parameters
  • MDS's of a domain system according to a predetermined priority rules.
  • the user sets priority rules with respect to which
  • a user information may specify that the user * (1) will preferably
  • dynamic loadbalancing may be used to distribute users within a
  • a user According to dynamic loadbalancing within a domain, a user will generally be
  • MDSl 140 and MDS2 are sent to the MDS with the most capacity.
  • MDSl 140 and MDS2 are sent to the MDS with the most capacity.
  • dynamic loadbalancing may involve switching
  • Fallback is the reverse operation, when users are switched back to the first MDS after
  • Fig. 7 shows the failover after MDSl 140 experiences a failure condition. As shown in Fig. 7, all of the users are switched to MDS2 142, the other MDS in their domain 135. Because MDS2 is in the users' domain 135, it has already been contemplated that these users may
  • Fig. 8 shows failover when all MDS's 140, 142 in domain 135 fail.
  • these users are distributed between MDS3 143 and MDS4 144 of the central server farm domain 137 according to a dynamic loadbalancing scheme in order

Abstract

A computer system including a master entitlement processor for storing user information, such as user passwords and access permissions, and a user computer system for allowing a user to operate an application in accordance with the user information corresponding to the user. The user computer system preferably includes a plurality of server computers organized into an enterprise including a plurality of domains. Two-way communication between the master entitlement processor and the server computers facilitates accurate storage, reliable access and easy modification of the user information. Organization of the server computers into domains allows good fault tolerance and robust failover and failback operations through static and dynamic loadbalancing.

Description

-1-
MARKET DATA ENTERPRISE AND DOMAIN SYSTEM IMPLEMENTED BY A MASTER ENTITLEMENT PROCESSOR
TECHNICAL FIELD
This invention relates generally to computer systems having a master
entitlement processor for storage and maintenance of a dynamic database of user
information, which user information is utilized by an application run on a user
computer system. More particularly, this invention relates to computer systems which
allow two-way communication of user information between master entitlement
processors and a user computer system.
BACKGROUND ART
In conventional computer systems having a master entitlement processor, the
master entitlement processor stores user information, such as user ID numbers, user
passwords and user permission information for use by the user computer system (for
example, servers and associated user workstations) when the user computer system
runs applications.
Reference to the user information stored in e master entitlement processor
(MEP) causes the applications to be controlled in a predetermined manner appropriate
for the specific user based on the user information. For example, if the user password
is not among the user passwords in the MEP database of user information, then the
user cannot use the applications at all. As another example, if the user permission
information permits the user access to some features of the applications, but not to others, then the applications will be controlled to allow the user to access only the
permitted features.
The user information can be changed in the MEP through dedicated management information system (MIS) workstations, but not through the user
computer system itself. As a practical matter, this can make it difficult to change user
information for the user. For example, if the user wants to change her password, she must have this operation performed by somebody with access to an MIS workstation.
This also limits the types of user information which can be stored in the MEP database. For example, the user information will not include the identity of the
server (s) which the user is currently logged into because these servers have no way of
communicating this information to the MEP, and because the MEP cannot receive
user information from the user computer system.
Also, in many conventional master entitlement processor systems (that is,
computer systems which include an MEP and a user computer system), each user is
limited to logging into a single, predetermined server. This means that a users will
not be able to run the application if her predetermined server experiences failure
conditions. In this kind of system, the user's designated server may receive from the
MEP and store the user's user information in memory or on a magnetic disk.
However, the user's user information will not be present on any other servers in the system. -3-
DISCLOSURE OF INVENTION
It is an object of the present invention to provide a master entitlement processor system wherein user information can be easily modified in an MEP and readily distributed to all computers in the user computer system. It is also an object of
this invention to store user permission data in a compact form which can easily adapt to changes in the permission scheme. It is a further object of the invention to provide
robust failover and fallback operations through the organization of servers into an
enterprise/domain/server hierarchy .
It is a feature of the present invention that there is communication of user information from a user computer system up to an MEP. It is another feature of the
invention that user permission information is stored in a table-driven format which is
expanded through the use of a dynamic table into a predetermined format suitable for
an application. It is a further feature of this invention that servers are organized into
sets, referred to as domains.
It is an advantage of the present invention that users can easily change at least
some portion of their user information. It is another advantage of the invention that
the permission scheme does not have to be hard-coded into the user computer system.
It is a further advantage of this invention that users can continue to run applications
without substantial interruption upon failure of some, or even all, servers in a domain.
It is an advantage of the present invention that enterprises (such as a market
data enterprise) can be extended over a publicly connected network so that each
enterprise will be using its own resources. In this case, users belonging to an
enterprise will be limited to servers in their own enterprise. -4-
According to one aspect of the present invention, a master entitlement
processor system includes an MEP, a user computer system (UCS), and
communication means for providing two-way data communication between the MEP
and the UCS. The MEP has code for storing a database of user information, and for
modifying the database according to data received from the UCS through the
communication means. The UCS has code for supporting at least one application, for
receiving user information from the MEP, and for sending user information database
modification instructions to the MEP. In this way the system can provide for central
control and maintenance of user information as well as distributed (local) control and
maintenance of such information.
According to a second aspect of the invention, a computer system includes a
first computer (for example, an MEP computer), a second computer (for example, a
server /workstation) and a communication means. The first computer stores a table-
driven access permission list in the form of a variable-length string of bits wherein
each bit represents the status of a specific permission for a user. The second computer
stores a dynamic table and code for expanding the table into permission information in
a predetermined format using the dynamic table. The expanded-format permission
information can then be directly utilized by applications to control which features of
the applications that specific user will be able to access.
According to a third aspect of the present invention, an enterprise computer
system includes a first domain, a second domain and a user computer. The first
domain includes a plurality of first-domain server computers. The second domain
includes a plurality of second-domain server computers. Program code located in each of the server computers allows a user to log into any one of the server computers in at least one of the first and second domains, and thereafter to receive data from the server computer which the user is logged into. The domain structure can be used to maintain the users server access in a controlled, yet flexible, manner, because a particular user may be preferably directed to a particular domain (that is, set of
servers) without being rigidly tied to a single, specific server.
BRIEF DESCRIPTION OF DRAWING
The objects, advantages and features of the present invention will become
more readily apparent from the following detailed description, taken together with the
accompanying drawing, in which:
Fig. 1 is a block diagram of an embodiment of a master entitlement processor
system according to the present invention;
Fig. 2 is a block diagram of a user workstation portion of Fig. 1;
Fig. 3 is a block diagram of a market data server portion of Fig. 1;
Fig. 4 is a table of access permission lists which is stored in the Fig. 1 system;
Fig. 5 is a dynamic table for expanding access permission lists which is stored
in the Fig. 1 system;
Fig. 6 is a flowchart showing a login process for user login to the master
entitlement processor system of Fig. 1;
Fig. 7 is a block diagram showing the user computer system (UCS) portion of
the embodiment of Fig. 1 after a failure condition occurs in one of the market data
servers; and -6-
Fig. 8 is a block diagram showing the user computer system (UCS) portion of the embodiment of Fig. 1 after a domain- wide failure condition occurs in one of the
domains.
BEST MODE FOR CARRYING OUT THE INVENTION The present invention will now be explained with reference to one particular
market data computer system. Although the computer sytem is designed for running a
market data application for delivering financial information, the present invention is
not limited to this, and broadly applies to any computer system wherein any type of
users use computers for any reason. Also, the embodiment discussed below has, for
the sake of simplicity, only a very limited number of server computers and user
workstations. In many preferred embodiments, the number of users, computers and
domains will be much larger because most enterprises (such as large companies) have
many users (such as employees) distributed over many domains (such as branch
offices). Before discussing the embodiments shown in the figures, the present
invention will first be described in somewhat general terms.
An MEP may be used in conjunction with a user computer system through
public networks (for example, the Internet) or private networks. The user computer
system embodiments discussed herein will be user computer systems for running a
market data application which is used to deliver financial information, such as
information about transactions in stock exchanges, to interested users, such as
brokers. In these embodiments, the user computer system will generally include many
market data servers and user workstations. The user workstations generally run the -7-
market data applications with support from a market data server in the areas of user information (for example, user password verification) and provision of substantive
market data information. As an example of providing substantive market data
information, the market data server collects financial information from various financial exchanges and delivers it to the user workstation as appropriate based on the
user permissions.
First, the concept of an enterprise will be explained. The enterprise consists of
a set of customer's data centers, domains, market data servers, user workstations and
users. For example, in the market data services context, a market data enterprise is
preferrably an extension of services provided by a brokerage and trading firm to its
employees where they can get professional and exclusive market information
whenever and wherever they can establish connectivity between their desktop
computer and enterprise servers.
The following functions are preferably managed at an enterprise level: (1)
user administration, (2) entitlements, (3) user authentication and locking, (4) failover,
and (5) controlling user profile. Further information on a preferred scheme for
controlling user profile is provided in co-pending U.S. Provisional Application No.
60/074,142 which is herein incorporated by reference in its entirety.
The firm-wide or enterprise-wide permission informations (entitlements)
allows the user to access his or her entitled market data services at any location within
the enterprise. A user can get market data services from any workstation using a valid
User ID (QUID) login. The central locking mechanism guarantees that users can only
log in once into the market data enterprise at any time. As used herein, the term -8-
" workstation" is not limited to stationary computers. For example, a user workstation
may be a portable personal computer (PC). Each enterprise is uniquely identified with
the customer's account ID.
Users accessing market data from home or on the road are also considered part
of the enterprise. Users can only get market data services from servers in their
respective enterprise. There is one exception to this rule. In the case where users from
two different firms share the same server, there are provisions to accommodate users of the second enterprise. This is done by assigning the servers from the first enterprise in
the list of authorized servers for the QUID's belonging to the second enterprise.
A domain is a set of cooperating market data servers. All of the market data
servers within a branch office could make up a domain. The domain concept makes it
possible to construct a superior fault-tolerant architecture within a multiple server office
or between smaller offices with only one server. The domain architectures allows
system designers to provide a higher level of redundant market data service which can
survive multiple failures as well as catastrophic failures.
Domain servers improve overall reliability and performance of the system by
providing failover, fallback and load balancing among each other. Organizing servers
into a domain structure can provide better capability to fully recover from any system
failure conditions such as failure of external services, distribution network component
failure, communication line failure, as well as server and workstation failure.
Loadbalancing within a domain can be static or dynamic. Loadbalancing across
domains are usually static. Static Loadbalancing is preferably based on a user
configuration table. The user configuration table allows multiple servers to be defined for each user. These servers are defined in priority order. The first server is the user's primary server which also identifies the primary domain. The remaining servers may
be in the primary domain or in other domains as well as being a web. Servers and workstations in a domain can be scattered over local and remote LAN segments.
A preferred embodiment of a master entitlement processor system for running a
market data application over enterprise-wide system 100 will now be described in detail with reference to Figs. 1 through 8. As shown in Fig. 1, enterprise 100 includes user computer system 101 and master entitlement processor set 102. UCS 101 allows users
enterprise-wide to run market data applications which provides access to current financial information. The master entitlement processor set 102 keeps track of various
user information relating to each user in the enterprise.
More particularly, user computer system (UCS) 101 includes first domain 135,
user workstations 145, 146, 147, 148 and second domain 137. In some preferred
embodiments of the present invention, a market data computer system will include market data servers and market data distribution systems (such as POP-CONC and
XRC). Each domain is a set of at least two market data servers (MDS). Domain 135 is
a domain corresponding to a branch office of a brokerage. Domain 135 has two market
data servers, MDSl 140 and MDS2 142. The MDS's may be, for example, a model
RS/6000, sold by IBM Corporation. MDSl 140 and MDS2 142 can communicate with
each other, with master entitlement processor set 102 or with various market data
information sources via conventional XRC1 cloud 136 and network 130.
As explained in more detail below, because there are two MDS's (MDSl 140
and MDS2 142), in the branch office, operations can continue in the branch office -10-
domain 135, even if one of the two MDS's experiences a failure condition, such as: (1) feed is down, (2) critical services are down, (3) communication failure, and (4) power shutdown. Although the exemplary domain 135 of this preferred embodiment has only
two MDS's, additional MDS's could be added, especially as more users (for example,
brokers) use the branch office facilities and cause increased load on the domain 135.
Since there is more than one MDS in domain 135, certain other aspects of the
present invention become quite useful. For example, user locking, as explained below, can help prevent users from logging into more than one MDS at one time. Also, master entitlement processor set 102 according to the present invention can help provide
reliable and timely maintenance of user information, which becomes especially
important as users are logged into different MDS's at different times.
At the instant of time shown in Fig. 1, four user workstations, UW1 145, UW2
146, UW3 147 and UW4 148, are logged into MDS's 140, 142 of branch office domain
135. User workstations 145, 146, 147, 148 may be, for example, desktop or laptop
personal computers with Pentium (a trademark of INTEL Corporation) processors and
NT4 compatible network cards. They can be connected as shown to MDS's 140, 142 by
any conventional kind of public or private network connection. As shown, in Fig. 1,
UW1 145 and UW3 147 are logged into MDSl 140, and UW2 146 and UW4 148 are logged into MDS2 142.
The second domain 137 also includes two MDS's, MDS3 143 and MDS4 144.
The second domain in this preferred embodiment is a central server farm. No user
workstations are logged into the second domain 137. However, as further explained
below, if one of the other domains in the system experienced a failure condition -11-
affecting every MDS in the domain, then user workstations could be switched into the central server farm domain 137 as a backup. MDS3 and MDS4 of the central server farm domain 137 communicate with each other, with the master entitlement processor set 102 and with various sources of market data through XRC2 cloud 138 and network
130.
Master entitlement processor set includes MEP1 103, MEP2 132, MEP3 134,
management information system personal computer (MIS PCI) 126 and management information system personal computer (MIS PC2) 128. MIS PCI 126 and MIS PC2 128 can be used to access and program MEP1 103, similarly to the way in which conventional MEP's are programmed. It is noted that a master entitlement processor set
102 is often used to store user information for more than one enterprise, although
preferrably the MEP's will prevent users from one enterprise from utilizing the system
resources (such as servers) belonging to other enterprises.
The three MEP's are largely to provide for redundancy in case one or more of the
MEP's experiences a failure condition. MEP's 103, 132, 134 may be constructed as, for
example, RS6000 G40 model computers running with database replication. Each of the
MEP's 103, 132, 134 is strategically located to provide 24-hour operation in the event of
failure and is capable of serving all MDS's in the enterprise. While the MEP's stay
current on user information by sharing changes in user information with all of the MEP's
in the system, the identity of the specific MEP which may providing user information to
the user's server and the flow of information between the MEP's is generally transparent
to the users. -12-
Now MEPl 103 will be described in detail with reference to Fig. 1. MEP1 103
includes code for nine daemons 104, 106, 108, 110, 112, 114, 116, 118 and 120, and for
MEP database 122 which stores up-to-date user information for all of the users in the enterprise. As described below, the nine daemons allow modifications to MEP database
122 to be effected via the user computer system 101, as well as by the MISPC's 126,
128.
However, in this preferred embodiment, the permitted MEP database 122 modifications are limited to modifications of user password and current user login status and location. The assignment of user ID's and permissions may have consequences with
respect to how the enterprise is billed for the market data services it receives, so these aspects of the user information in the MEP database 122 may preferably be modified
only through the relatively secure and deliberate conventional method of utilizing the
MISPC's 126, 128.
The nine daemons will now be described. 1.1. MEP_Routed 104
Daemon MEP ROUTED 104 communicates between other daemons and the MDS's of
the domains 135, 137 through the two-way communication network 130 and the XRC
clouds 136, 138. MEP_ROUTED accepts connections from all user sets that use an
ARB with the appropriate MEP xrcquent entry in their "named.host" file.
MEP ROUTED 104 routes all packets between MDS's and the MEP daemons
(MEP CLIENTD and MEP HOSTD). If MEP ROUTED is down, then all XRC
connections to MEP 103 will be down. Subsequently, no data will flow between MEP
103 and the MDS's. -13-
1.2. Mep_clientd
Handles all MDS requests between the MDS and the MEP Daemons or the MEP Database. Such requests include retrieving Quids that do not exist in the MDS cache, retrieval and storage of Quid User Configurations (passwords, primary/back-up servers, etc.), storage or login activity, daily MEP signons from each MDS, upstream routing of
Config messages, uploading files from MDS, etc...
If this daemon is down, all requests from MDS will not be processed. This is a major
component of the MEP Subsystem.
1.3. Mep_hostd Handles all MEP initiated transactions between MEP and the MDS. Such transactions
include downloading scheduled Quids and User Configurations, downloading/uploading
scheduled files, downloading Config messages, etc...
Interfaces between mep dwld to process download/upload requests.
If this daemon is down, all MEP initiated requests will not be processed but will remain
in the download queue to be processed when the daemon comes back up. This is a
major component of the MEP Subsystem.
1.4. Mep_dwld
Executes download requests at the given data/time entered in the Dwld que Database table.
Throttles jobs in the queue to insure that limits per site and per MEP system are not
exceeded.
Jobs are sent to the mep hostd to be delivered to the site. -14-
If this daemon is down, no jobs in the Dwld_que table will be sent to the site. This
affects all scheduled jobs.
1.5. Mep_cfgmsgr
Supports Server Configuration uploading, downloading, and scheduling between MEP
and MDSs.
If this daemon is down, all Server Configurations support to the MDS will be down.
1.6. Mep repadmd
Periodically checks the health of the Oracle Replication services.
Resolves database conflicts. Pushes failed replication jobs to other MEP nodes (checks every 5 minutes).
If this daemon is down, Oracle replication will not resume automatically when it
experiences problems with pushing data to other MEP nodes.
1.7. Mep_timed
This daemon synchs up the time on the current MEP to the time on the Master MEP
system.
If this daemon is down, time synchronization between the MEP system will not occur.
1.8. Mep_cfgmgrd
Provides initial login interface to support Arius II (MIS PC) and Server Config windows
applications. Supports application access with the Server Config windows application.
If this application is down, Arius II (MIS PC) and Server Config windows applications
will not be able to log into MEP. Also, all Server Config windows application support
will be down. Arius II users will still be able to operate if logged into MEP before -15-
mep_cfgmgrd went down (in regards to Arius, this application only initially authenticates the user for the Arius II windows application).
1.9. Mep_ariusd
Handles requests for updates, retrievals, and scheduling of Quid Entitlements or Quid
User Configuration between MEP and Arius II. If this daemon is down, Arius II users
will not be able to use the Arius II windows application.
Now that MEP 103 (which can receive instructions to modify certain user
information in its MEP user information database 122) has been described, exemplary
MDSl 140 will be described in detail with reference to Fig. 3. The principal
components of MDSl are MEP agent 156 (including a local cache 157), RP server 158
(including MEP agent API 159), MDS application 160 (including MEP agent API 161),
alert server 162, service map table 166, local cache disk image 168, and FIS daemon
178.
The MEP agent 156 resides on MDSl 140 and handles simultaneous two-way
communications between MEP's 103, 132, 134 and MDSl 140 in an asynchronous,
multiplexed manner. These two-way conversations generally involve user information.
For example, user information, such as the updated location of an MDS where the user
is logged in, or an updated user password, may be sent from MEP 103 to MDS 140 as
part of one of the simultaneous conversations handled by MEP agent 156. As another
example, database modification instructions to modify a user password may be sent
from MEP agent 156 to MEP's 103, 132, 134 as part of a conversation wherein user
information is transferred from MDSl 140 up to MEP 103. -16-
The MEP agent preferably employs message based programming so that only changed data is delivered to MDSl 140. The messages are transferred between MEP agent 156 and MEP's 103, 132, 134 in the form of financial information services (FIS)
packets. These FIS packets are 127 bytes long, and are preferably utilized in this
embodiment because this is a pre-existing format which is conventionally used to communicate substantive market data of the type utilized by market data applications.
Alternatively, other formats are also possible.
MEP agent 156 stores some user information, such as encrypted user passwords
and access permissions, in a local cache 157. Local cache 157 is part of a shared memory. To make sure the user information in local cache 157 is reliably available, it is
also saved as local cache disk image 168. Also, local cache 157 contains a dynamic
table for expanding access permissions, which is also backed up as table disk image
166. Local cache 157 further contains some server configuration information pertaining
to customer number and identities of the primary and backup MEP servers.
At system start-up, local cache 157 is loaded from the disk images 166, 168.
However, if disk images 166, 168 have been corrupted, a complete reload will be requested from master entitlement processor set 102. Integrity of the local cache is
preferably checked daily by master entitlement processor set 102. Because user
information is stored in local cache 157, MDSl 140 does not have to request user
information from the MEP's as often, which results in quicker, more efficient
operations.
Another important function of MEP agent 156 is a throttling function, whereby
the number of simultaneous conversations between MDSl 140 and master entitlement -17-
processor set 102 is limited. As discussed below, dynamic loadbalancing between MDS's in a domain is also preferably employed to help prevent overburdening any single MDS with too many simultaneous conversations. MEP agent 156 notifies the alert server 162 and the FIS daemon 178, when access permission information is
changed. The MEP agent also logs communication activity and any errors to a log file.
The up-to-date user information maintained in local cache 157 by MEP agent
156, is utilized by MDS applications 160. For example, the MDS applications 160 may
include a market data application which is accessed by users logged into MDSl 140 to receive current financial information from various financial exchanges. User
information from local cache 157 will be used when a user logs in (as discussed in detail below), and also as the user attempts to access various features of MDS applications 160
for which she may or may not have the required access permissions.
MDS applications 160 include an MEP agent application program interface
(API) 161 for communicating between MEP agent 156 and the MDS applications 160.
More specifically, user information is delivered as needed by the MDS applications
from the local cache to MEP agent API 161 via line 192. MEP agent API 161 provides
functions to convert user information maintained by the MEP's into a format which is
meaningful to MDS applications 160.
More particularly, MEP agent API 161 expands a binary, table-driven access
permission list into meaningful access permission information in a format which can be
directly utilized by MDS applications 160. This access permission expansion will now
be discussed with reference to Figs. 1 and 3 to 5. -18-
Fig. 4 shows access permission lists 201 for all users of the domain 135 stored in a tabular format in local cache 157. Identical access permission lists 201 are also stored on MDS2 142 (the other MDS in branch office domain 135) and on each of the MEP's 103, 132, 134. Of course, when there is a change to these permission lists, updates
should be effected in each of these locations.
The access permission lists 201 are preferably not stored in MDS3 143 and MDS
4 144, the MDS's of central server farm domain 137, because MDS3 143 and MDS4
144 can pull this information down from master entitlement processor set 102 on the
infrequent occasions that it is required. However, if the system 100 included additional
branch office domains, then access permission lists for the users of branch office domain 135 would probably not be stored in these additional domains because the users
of branch office domain 135 would not generally be logged into these other domains.
One example would occur in the case of users who are designated as "roamers."
These users are allowed to log into any domain, and their user information (such as their
access permission lists) would be accessible in all of the MDS's in all the domains
enterprise-wide in order to facilitate their roaming from branch office to branch office.
The exemplary access permission lists of Fig. 4 are access permission lists for
eight users from user number 000 (binary) to user number 111 (binary). In this
simplified example, there are four services for which each of the users may or may not
be permitted access. These four services are represented by four bit positions BIT 1,
BIT 2, BIT 3 and BIT 4 in the four-bit access permission list. Each user therefore has an
associated four-bit permission list where each bit position corresponds to whether the
user has access to the service (l=*access permitted), or alternatively, does not have -19-
access to the service (0=access denied). For example, user number Oi l shown in Fig. 4
has access to the service corresponding to BIT 1, but does not have access to the
services corresponding to BIT 2, BIT 3 and BIT 4.
One benefit of the access permission list format of Fig. 4 is flexibility. As the
services offered change or expand, access permission lists 201 can easily be changed because they are in a binary format in the form of a table-driven list. For example, if the
service corresponding to BIT 1 is no longer available, the access permission lists can be
shortened to three bits and the three bits can be appropriately mapped to the three
remaining services. As another example, if the number of possible services expands,
then bits can be accordingly added to access permission lists 201. This compact,
flexible access permission list format helps facilitate efficient maintenance of up-to-date access permission lists in the MDS's of domain 135 and the various MEP's 103, 132,
134 at the various locations in the enterprise- wide system 100.
While access permission lists 201 are compact and flexible in format, these lists
generally cannot be directly utilized by MDS applications which are on user
workstations or on MDS's. For this reason, MEP agent API 161 is programmed to
expand the access permission lists into access permission information of a format which
can be directly utilized by applications. This expansion is achieved by reference to a
dynamic table 203 as will now be explained with respect to Fig. 5.
Dynamic table 203 is stored in local cache 157, and is also preferably stored at
other MEP's and MDS's throughout the system. As mentioned above, it is also stored as
a disk image 166 in MDSl 140. The dynamic table maps each bit position of the access -20-
permission lists 201 to longer format service names and codes in predefined formats
conventionally used by market data applications.
For example, the exemplary dynamic table 203 has five fields of expansion information for each of the four bit positions BIT 1 to BIT 4. The five fields are : (1) hard code (numeric), (2) hard code (alphanumeric), (3) service name, (4) service grouping, and (5) long name. As shown in dynamic table 203, each of the services in
this example refers to access to a particular financial exchange. However, access
permission lists may have bit positions corresponding to other types of features, such as
access to particular stocks, access to particular types of quote information, and so on.
Once the access permission lists 201 for a user has been expanded using
dynamic table 203, MDS application 160 will be able to determine which types of
access to allow. For example, in Fig. 2, user number 001 is logged into MDSl 140
through UWl 145. The user receives market data provided by MDS applications 160
resident in MDSl 140 on the display 196 of UWl 145. UWl also includes input
devices keyboard 195 and mouse 199. As shown in Figs. 4 and 5, user number 001 has
access to the New York Stock Exchange because BIT 1 of her permission list 201 is set
to 1, and because dynamic table 203 maps BIT 1 to the New York Stock Exchange.
However, user number 001 does not have access to the Pennsylvania Stock Exchange
because BIT 2 is set to 0 in her access permission list.
In this preferred embodiment of the present invention, if user number 001
required access to the Pennsylvania Stock Exchange, then this change in her access
permission list could be effected in MEPl 103 database 122 through MISPC's 124, 128,
but not through UWl 145 and MDSl 140 of the user computer system 101. MEPl 103 -21-
would then distribute this change in access permission to the other MEP's 132 and 134, and to all of the MDS's 140, 142 of domain 135.
The use of a dynamic table as explained above has a powerful speed advantage,
which is especially important in the market data application context. In market data applications and other speed-critical applications, user information data must generally reach its destination within one second. The use of a dynamic table allows the access permission lists to be compacted, often into 100 bytes or less. These compact access
permission lists can be sent through the system very quickly, and thereby help keep all
the necessary information moving through the system at high requisite speeds.
In this preferred embodiment, the method of changing a user's access permission
list is relatively restricted for billing reasons, but it is noted that the two-way
communication of user information between the MDS's and the MEP's according to the
present invention also makes it possible to have embodiments wherein access permission lists 201 and dynamic table 203 can be modified through an MDS or a user
workstation.
As shown in Fig. 2, display 196 of UWl 145 observed by user number 001, her
access permission list 201 allows the window 197 for displaying New York Stock
Exchange information to display market information relating to this financial exchange
as collected by MDS applications 160. On the other hand, window 198 for providing
Pennsylvania Stock Exchange information indicates that access has been denied.
Returning to the inner workings of MDSl 140 shown in Fig. 3, incoming user
information from MEP's 103, 132, 134 comes into MDS 140 through FIS incoming
socket 188 to FIS daemon 178. FIS daemon 178 decodes the incoming user information -22-
from FIS format, and sends it to MEP agent 156 via MEP agent socket 174. Outgoing user information from MEP agent 156, such as MEP database modification commands,
are first sent to the FIS daemon 178 for formatting into FIS packets, The outgoing user
information is then sent out to the master entitlement processor set 102 through FIS
outgoing socket 190.
RP server 158 controls user login and passes permissions to workstations. To
perform these functions RP server 158 can receive user information from local cache 157 or from MEP 103 via MEP agent 156 and API socket 164.
Now the process of logging users into user computer system (UCS) 101 will be
described with reference to Fig. 6. Fig. 6 is a flowchart of login process 200 which
generally includes workstation operations 201, market data server operations 202 and
MEP operations 203. First, at step SI, a user desiring to login to the system 101 to run
the market data applications 160 enters her unique user ID (for example, user number)
and user password at a user workstation.
At step S2, the user workstation connects to an MDS, and sends the login
request along with the user ID and user password entered by the user. At step S3, the
MDS queries the user information stored within the local cache of the MDS (for
example, local cache 157).
At step S4, the API (for example, MEP agent API 161) determines whether the
user ID is in the local cache. Generally, user information for each user is maintained in
each server of the user's designated primary domain. If the user is a designated user of
the domain, then the user number will probably be in the local cache. -23-
However, if the user is as a roamer, the user will generally not be in the local
cache if the roamer attempts to log in to a server outside of her primary domain. In this case, the user information for the roamer may be obtained by any server in the system
from the MEP's. If step S4 determines that the user ID is in the local cache, processing
proceeds to step S6.
On the other hand, if step S4 determines that the user ID is not in the local cache
of the MDS, then at step S5 a request of user ID and password relating to the user is sent to and received by one of the MEP's in the system. As long as the user ID does exist somewhere in the enterprise, the MEP will have complete user information in its MEP database, and the necessary user information will be sent back to the requesting MDS.
Processing proceeds to step S6.
At step S6, the user password can now be validated in the MDS (in light of user
information in the local cache or alternatively received from an MEP). If the user
password is not validated, then prossing proceeds to step SI 2, and the negative results
are sent back to the user workstation. On the other hand, if the user password is
validated, then processing proceeds to step S7.
At step S7, the user's access permission list is requested from the local cache. If
the local cache has the access permission list, then processing proceeds to step S9. On
the other hand, if the access permission list is not in the local cache, then a request for
this information is sent to and received by the MEP at step S8. At step S8, the MEP
sends the requested information back to the MDS, which stores this information in the
local cache and repeats step S7. -24-
At step S9, domain validation locking is performed to ensure that the user can log into the domain only once. At step S10, the access permission list is expanded by the dynamic table (as explained above) and login is granted in accordance with the user's
permissions. Notification of login is sent to the MEP at step SI 1 which keeps track of this information for user tracking and user login purposes. It is noted that the two-way
data communication between the MDS and MEP of the present invention makes it
possible for the MEP to receive this user information.
Notification of the login and expanded permission information is also sent back to the user workstation at step S12. The user workstation software can directly utilize
the expanded permission information to control the user's access to various features
based on the identity of the user.
Because the present invention allows users to be logged into more than one
MDS within a domain, and also (depending on system design) allow a user to log into
MDS's in more than one domain, user locking becomes somewhat important. User
locking prevents a user from being logged into more than one MDS at the same time.
Since the present invention allows communication of user information from the MDS's
up to the MEP's, information about which MDS a user logs into can be transmitted up to
the MEP's so that this user information quickly becomes available on an enterprise-wide
basis. In this way, the present invention facilitates quick, enterprise-wide user locking.
Static loadbalancing may be used to distribute users among the different domains
of the system according to a predetermined priority rules. In these static load balancing
embodiments, the user information for a user will set priority rules with respect to which
domains the user can log into. -25-
For example, user information may specify that the user (1) will preferably be logged into one of the MDS's 140, 142 of branch office domain 135, (2) will be logged into one of the MDS's 143, 144 as a secondary preference (for example, if there is
domain failure of domain 135); and (3) will not be logged into any other domains which may exist in the UCS 101. In this way, the user has flexibility to be logged into four
different servers (among two domains), while still being prevented from being logged
into other MDS's in domains which may be geographically remote or may be heavily
burdened with other users.
Static loadbalancing may also be used to distribute users among the different
MDS's of a domain system according to a predetermined priority rules. In these embodiments of the present invention, the user sets priority rules with respect to which
MDS's of the domain the user can log into.
For example, a user information may specify that the user* (1) will preferably
logged into MDSl 140; (2) will be logged into one of the MDS2 142 as a secondary
preference (for example, if there is MDS failure of MDSl 140); and (3) will not be
logged into any other MDS's which may exist in the UCS 101. In this way, the user has
flexibility to be logged into two different servers, while still being prevented from being
logged into other MDS's in domains which may be geographically remote or may be
heavily burdened with other users.
Alternatively, dynamic loadbalancing may be used to distribute users within a
domain. According to dynamic loadbalancing within a domain, a user will generally be
sent to the MDS with the most capacity. For example, in Fig. 1, MDSl 140 and MDS2
142 are servers with equivalent capacity. Suppose a first user logs into MDSl 140 -26-
through UWl 145. Subsequently, a second user attempts to log into domain 135 through UW2 146. According to dynamic loadbalancing, this second user will preferably logged into MDS2 142, because this user is not burdened by any users.
In this way, users can continuously be logged into optimal MDS's from an MDS loading standpoint. More aggressively, dynamic loadbalancing may involve switching
the already logged-in users between various MDS's in the domain depending on the
load.
One highly preferred way of handling MDS and domain load is to use dynamic
loadbalancing within a domain, but to use static loadbalancing between domains. In this
way, users will generally be limited to access through either their branch office domain or a central server farm acting as a back-up. These limitations can help insure that users
are logged into MDS's which are geographically proximate. This limitation can also
help limit the maximum loads which may be experienced in a particular branch office
domain, and can help in evaluation of the MDS capacity necessary in each branch office domain.
Now the aspects of failover and fallback will be discussed with reference to Figs.
1, 7 and 8. The domain concept of the present invention allows failover and fallback to
be accomplished in a robust and efficient manner. Generally failover occurs when
user(s) are switched from a first MDS to a second MDS upon a failure condition.
Fallback is the reverse operation, when users are switched back to the first MDS after
the failure condition has ended.
Because the domain organization of the present invention allows the system to
be set up so that users may log into more than one MDS, failover is easily accomplished. -27-
In Fig. 1, users at workstations UWl 145 and UW3 147 are logged into MDSl 140, while users at workstations UW2 146 and UW4 148 are logged into MDS2. Fig. 7 shows the failover after MDSl 140 experiences a failure condition. As shown in Fig. 7, all of the users are switched to MDS2 142, the other MDS in their domain 135. Because MDS2 is in the users' domain 135, it has already been contemplated that these users may
be logged into MDS2 142, making the failover operation easy to effect.
Fig. 8 shows failover when all MDS's 140, 142 in domain 135 fail. Upon this
domain- wide failure condition, all users are switched to central server farm domain 137.
More particularly, these users are distributed between MDS3 143 and MDS4 144 of the central server farm domain 137 according to a dynamic loadbalancing scheme in order
to optimize load within the central server farm domain 137.
Certain preferred embodiments have been described above. It is likely that there
are modifications and improvements to these embodiments which are within the literal
scope or are equivalents of the claims which follow.

Claims

-28-CLAEMSWhat is claimed is:
1. A master entitlement processor system comprising: a master entitlement processor (MEP); a user computer system (UCS); communication means for providing two-way communication between the MEP
and the UCS; and
MEP code located in the MEP, the MEP code comprising:
an MEP database of user information; and
MEP database modification instructions for receiving database
modification data from the UCS through the communication means, and for causing
modifications to the MEP database according to the database modification data; and
UCS code located in the UCS, the UCS code comprising:
an application for utilization by a user, wherein the application is
controlled at least in part by a portion of the user information which corresponds to the
user,
and
MEP data-send instructions for sending the database modification data to
the MEP through the communication means.
2. The master entitlement processor system according to claim 1, wherein
the MEP comprises a plurality of MEP computers, with the MEP code being
redundantly stored on at least two of the MEP computers. -29-
3. The master entitlement processor system according to claim 1, wherein the UCS comprises a server and a personal computer.
4. The master entitlement processor system according to claim 1, wherein
the communication means comprises a network of telephone lines.
5. The master entitlement processor system according to claim 1, wherein the application is a market data application for providing the user with current financial
information.
6. The master entitlement processor system according to claim 1, wherein:
the user information comprises user identification numbers and associated user
passwords; and
a user password can be changed in the MEP database by the MEP data-send
instructions causing database modification data to be sent to the MEP through the
communication means to thereby cause the MEP database modification instructions to
modify the user password in the MEP database.
7. The master entitlement processor system according to claim 1, wherein
the user information comprises access permission lists for each user which control each
user's access to various features of the application. -30-
8. The master entitlement processor system according to claim 7, wherein
the access permission list is stored in the MEP database and sent to the UCS in a table- driven form, and wherein the UCS code further comprises:
a dynamic table; and expansion instructions for expanding the table-driven access permission list using the dynamic table into permission information in a predetermined format which
can be utilized by the application program.
9. The master entitlement processor according to claim 1, wherein the UCS
further comprises means for storing at least a portion of the user information.
10. The master entitlement processor system according to claim 9, wherein
the means for storing comprises a cache memory.
11. The master entitlement processor system according to claim 9, wherein
the means for storing comprises a magnetic storage medium.
12. A computer system for storing permission information which controls a
user's access to various features of an application, the computer system comprising:
means for storing a table-driven access permission list in the form of a variable-
length string of bits wherein each bit represents the status of a specific permission for the user;
means for storing a dynamic table; and -31-
means for expanding the table-driven permission list into expanded permission
information in a predetermined format using the dynamic table, which expanded
permission information can be directly utilized by the application.
13. The computer system according to claim 12, wherein the table-driven
access permission list relates to the extent of the user's permitted access to a market data database comprising financial information.
14. The computer system according to claim 12, wherein the dynamic table
comprises fields for hard numeric code, a hard alphanumeric code, a service name, a
service group code and a long name.
15. A computer system comprising :
a domain comprising a plurality of server computers;
a user workstation; and
program code located in each of the plurality of server computers, the program
code comprising login instructions which control operations allowing a user to log into
any one of the plurality of server computers in the domain through the user workstation,
and thereafter to receive data from the server computer which the user is logged into
through the user workstation. -32-
16. The computer system according to claim 15, and further comprising: a master entitlement processor structured and programmed store user
information relating to the user; and communication means for communicating the user information from the master
entitlement processor to all of the server computers of the domain.
17. The computer system according to claim 15, wherein the login
instructions designate one of the server computers in the domain as a primary server
computer, and provide that the user will preferably be logged into the primary server computer.
18. The computer system according to claim 15, wherein the server computer
which the user is logged into sends market data through the user workstation.
19. The computer system according to claim 18, wherein the domain receives
market data from a financial exchange.
20. The computer system according to claim 15, wherein the program code
comprises user-tracking instructions which cause each server computer in the domain to
keep track of whether the user is logged into any of the server computers. -33-
21. The computer system according to claim 20, wherein the program code comprises duplicative-login instructions which prevent the user from logging into more
than one server computer.
22. The computer system according to claim 15, wherein the program code comprises failover instructions which switch the user from a first server computer of the plurality of server computers to a second server computer of the plurality of server
computers upon a failure condition.
23. The computer system according to claim 22, wherein the failure
condition is the failure of the first server computer.
24. The computer system according to claim 22, wherein the failure
condition is a failure in a flow of information from a financial exchange to the first
server computer.
25. An enterprise computer system comprising:
a first domain comprising a plurality of first-domain server computers;
a second domain comprising a plurality of second-domain server computers;
a user workstation; and
program code located in each of the server computers comprising login
instructions which control operations allowing a user to log into any one of the server -34-
computers in at least one of the first and second domains, and thereafter to receive data from the server computer which the user is logged into through the user workstation.
26. The computer system according to claim 25, further comprising:
a master entitlement processor structured and programmed to store user
information relating to the user; and communication means for communicating the access permissions from the
master entitlement processor to the server computers in the first domain and the second domain.
27. The computer system according to claim 25, wherein the user receives
market data from the server computer which the user is logged into through the user
workstation.
28. The computer system according to claim 25, wherein the program code
further comprises static-loadbalancing instructions which designate the first domain as
the primary domain, whereby the user will preferably be logged into one of the first-
domain server computers.
29. The computer system according to claim 28, wherein the program code
further comprises domain-failover instructions which switch the user from the primary
domain to the second domain upon a failure condition of every first-domain server
computer. -35-
30. The computer system according to claim 29, wherein the second domain
is an enterprise-wide server farm.
31. The computer system according to claim 29, wherein the program code
further comprises dynamic-loadbalancing instructions for determining which first-
domain server computer the user will preferably be logged into at the time of login.
32. The computer system according to claim 31, wherein the program code comprises server-failover instructions which will switch which first-domain server the
user is logged into upon a failure condition.
PCT/US1999/002797 1998-02-09 1999-02-09 Market data enterprise an domain system implemented by master entitlement processor WO1999040503A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU26666/99A AU2666699A (en) 1998-02-09 1999-02-09 Market data enterprise an domain system implemented by master entitlement processor

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US7406498P 1998-02-09 1998-02-09
US7408998P 1998-02-09 1998-02-09
US7408498P 1998-02-09 1998-02-09
US60/074,089 1998-02-09
US60/074,064 1998-02-09
US60/074,084 1998-02-09
US09/246,348 1999-02-08
US09/246,348 US6535917B1 (en) 1998-02-09 1999-02-08 Market data domain and enterprise system implemented by a master entitlement processor

Publications (1)

Publication Number Publication Date
WO1999040503A1 true WO1999040503A1 (en) 1999-08-12

Family

ID=27491092

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/002797 WO1999040503A1 (en) 1998-02-09 1999-02-09 Market data enterprise an domain system implemented by master entitlement processor

Country Status (3)

Country Link
US (2) US6535917B1 (en)
AU (1) AU2666699A (en)
WO (1) WO1999040503A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU734015B1 (en) * 2000-02-15 2001-05-31 Molten Markets Pty Ltd User interface system
WO2001061521A1 (en) * 2000-02-15 2001-08-23 Molten Markets Pty Ltd User interface system
GB2378010A (en) * 2001-07-27 2003-01-29 Hewlett Packard Co Mulit-Domain authorisation and authentication
GB2383438A (en) * 2001-12-20 2003-06-25 Inventec Corp Authorisation method and system for storing and retrieving data
SG123561A1 (en) * 2002-12-20 2006-07-26 Hewlett Packard Development Co Method and architecture to provide client session failover

Families Citing this family (67)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7058817B1 (en) 1999-07-02 2006-06-06 The Chase Manhattan Bank System and method for single sign on process for websites with multiple applications and services
AU3438401A (en) 1999-11-04 2001-05-14 Jp Morgan Chase Bank System and method for automated financial project management
US8571975B1 (en) 1999-11-24 2013-10-29 Jpmorgan Chase Bank, N.A. System and method for sending money via E-mail over the internet
US10275780B1 (en) 1999-11-24 2019-04-30 Jpmorgan Chase Bank, N.A. Method and apparatus for sending a rebate via electronic mail over the internet
AU2909401A (en) * 1999-12-20 2001-07-03 Planetid, Inc. Information exchange engine providing a critical infrastructure layer and methods of use thereof
US7426530B1 (en) 2000-06-12 2008-09-16 Jpmorgan Chase Bank, N.A. System and method for providing customers with seamless entry to a remote server
US10185936B2 (en) 2000-06-22 2019-01-22 Jpmorgan Chase Bank, N.A. Method and system for processing internet payments
WO2002003744A1 (en) * 2000-06-30 2002-01-10 Hughes Electronics Corporation Residential broadband communications device, and method of operating same
US8335855B2 (en) 2001-09-19 2012-12-18 Jpmorgan Chase Bank, N.A. System and method for portal infrastructure tracking
WO2003038775A1 (en) * 2000-09-28 2003-05-08 Kabushiki Kaisha Visual Japan Pos system, pos server, shop terminal, sales managing method, and recording medium
US7334031B2 (en) * 2001-01-12 2008-02-19 Siemens Medical Solutions Health Services Corporation System and user interface supporting processing and activity management for concurrently operating applications
US7085833B2 (en) * 2001-01-17 2006-08-01 Microsoft Corporation Caching user network access information within a network
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US20030018701A1 (en) * 2001-05-04 2003-01-23 Gregory Kaestle Peer to peer collaboration for supply chain execution and management
US7536715B2 (en) * 2001-05-25 2009-05-19 Secure Computing Corporation Distributed firewall system and method
AU2002312381A1 (en) 2001-06-07 2002-12-16 First Usa Bank, N.A. System and method for rapid updating of credit information
US7266839B2 (en) 2001-07-12 2007-09-04 J P Morgan Chase Bank System and method for providing discriminated content to network users
US7103576B2 (en) 2001-09-21 2006-09-05 First Usa Bank, Na System for providing cardless payment
WO2003038561A2 (en) 2001-11-01 2003-05-08 First Usa Bank, N.A. System and method for establishing or modifying an account with user selectable terms
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7054923B2 (en) * 2001-12-14 2006-05-30 International Business Machines Corporation Access control repository for providing access control of service profiles for web based solutions
US7707416B2 (en) 2002-02-01 2010-04-27 Novell, Inc. Authentication cache and authentication on demand in a distributed network environment
US7487535B1 (en) * 2002-02-01 2009-02-03 Novell, Inc. Authentication on demand in a distributed network environment
US7941533B2 (en) 2002-02-19 2011-05-10 Jpmorgan Chase Bank, N.A. System and method for single sign-on session management without central server
US8910241B2 (en) 2002-04-25 2014-12-09 Citrix Systems, Inc. Computer security system
US7231664B2 (en) * 2002-09-04 2007-06-12 Secure Computing Corporation System and method for transmitting and receiving secure data in a virtual private group
US7058660B2 (en) 2002-10-02 2006-06-06 Bank One Corporation System and method for network-based project management
US7308706B2 (en) * 2002-10-28 2007-12-11 Secure Computing Corporation Associative policy model
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
JP4318913B2 (en) * 2002-12-26 2009-08-26 東京エレクトロン株式会社 Application processing equipment
US20040215650A1 (en) * 2003-04-09 2004-10-28 Ullattil Shaji Interfaces and methods for group policy management
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US20110125672A1 (en) * 2004-06-08 2011-05-26 Rosenthal Collins Group, L.L.C. Method and system for providing electronic information for risk assesement and management via dynamic total net worth for multi-market electronic trading
US7912781B2 (en) 2004-06-08 2011-03-22 Rosenthal Collins Group, Llc Method and system for providing electronic information for risk assessment and management for multi-market electronic trading
US20100312718A1 (en) * 2004-06-08 2010-12-09 Rosenthal Collins Group, L.L.C. Method and system for providing electronic information for risk assesement and management via net worth for multi-market electronic trading
US8429059B2 (en) 2004-06-08 2013-04-23 Rosenthal Collins Group, Llc Method and system for providing electronic option trading bandwidth reduction and electronic option risk management and assessment for multi-market electronic trading
US7596803B1 (en) 2004-07-12 2009-09-29 Advanced Micro Devices, Inc. Method and system for generating access policies
US20100114753A1 (en) * 2004-07-12 2010-05-06 Rosenthal Collins Group, L.L.C. Method and system for automatic commodities futures contract management and delivery balancing
US8321465B2 (en) * 2004-11-14 2012-11-27 Bloomberg Finance L.P. Systems and methods for data coding, transmission, storage and decoding
US8589280B2 (en) 2005-05-04 2013-11-19 Rosenthal Collins Group, Llc Method and system for providing automatic execution of gray box strategies for electronic trading
US8364575B2 (en) * 2005-05-04 2013-01-29 Rosenthal Collins Group, Llc Method and system for providing automatic execution of black box strategies for electronic trading
US7801801B2 (en) * 2005-05-04 2010-09-21 Rosenthal Collins Group, Llc Method and system for providing automatic execution of black box strategies for electonic trading
US7631082B2 (en) * 2005-06-10 2009-12-08 Microsoft Corporation Transparent resource administration using a read-only domain controller
US8185877B1 (en) 2005-06-22 2012-05-22 Jpmorgan Chase Bank, N.A. System and method for testing applications
US8583926B1 (en) 2005-09-19 2013-11-12 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
WO2007053940A1 (en) * 2005-11-09 2007-05-18 Generation 5 Mathematical Technologies Inc. Automatic generation of sales and marketing information
US7849000B2 (en) * 2005-11-13 2010-12-07 Rosenthal Collins Group, Llc Method and system for electronic trading via a yield curve
US20110022509A1 (en) * 2005-11-13 2011-01-27 Rosenthal Collins Group, L.L.C. Method and system for electronic trading via a yield curve on plural network devices
US8793490B1 (en) 2006-07-14 2014-07-29 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US20080059846A1 (en) * 2006-08-31 2008-03-06 Rosenthal Collins Group, L.L.C. Fault tolerant electronic trading system and method
US20080059500A1 (en) * 2006-09-05 2008-03-06 Chad Symens System and method for collaborative data sharing and analysis
US8473735B1 (en) 2007-05-17 2013-06-25 Jpmorgan Chase Systems and methods for managing digital certificates
US8516539B2 (en) * 2007-11-09 2013-08-20 Citrix Systems, Inc System and method for inferring access policies from access event records
US8990910B2 (en) * 2007-11-13 2015-03-24 Citrix Systems, Inc. System and method using globally unique identities
US8321682B1 (en) 2008-01-24 2012-11-27 Jpmorgan Chase Bank, N.A. System and method for generating and managing administrator passwords
US9240945B2 (en) * 2008-03-19 2016-01-19 Citrix Systems, Inc. Access, priority and bandwidth management based on application identity
US8943575B2 (en) 2008-04-30 2015-01-27 Citrix Systems, Inc. Method and system for policy simulation
US20100082701A1 (en) * 2008-09-24 2010-04-01 Computer Associates Think, Inc. System and Method for Using a Configuration Management Database
US8990573B2 (en) * 2008-11-10 2015-03-24 Citrix Systems, Inc. System and method for using variable security tag location in network communications
US8364970B2 (en) * 2009-02-18 2013-01-29 Nokia Corporation Method and apparatus for providing enhanced service authorization
US9608826B2 (en) 2009-06-29 2017-03-28 Jpmorgan Chase Bank, N.A. System and method for partner key management
CN103491052A (en) * 2012-06-11 2014-01-01 上海博路信息技术有限公司 Multi-user data exchange method
US9419957B1 (en) 2013-03-15 2016-08-16 Jpmorgan Chase Bank, N.A. Confidence-based authentication
JP2014233068A (en) * 2013-04-30 2014-12-11 株式会社リコー Communication management system, communication management method and program
US10148726B1 (en) 2014-01-24 2018-12-04 Jpmorgan Chase Bank, N.A. Initiating operating system commands based on browser cookies
US11080255B2 (en) * 2018-07-09 2021-08-03 Oracle International Corporation Space-efficient bookkeeping for database applications
GB201812719D0 (en) * 2018-08-06 2018-09-19 Weizel Daniel Nissan Segmentally extendable modular handheld flashlight and respective kit-of-parts for assembling the same

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0008355A1 (en) * 1978-08-25 1980-03-05 Siemens Aktiengesellschaft Device for the protection of data stored in computers against unauthorized access
WO1996042041A2 (en) * 1995-06-07 1996-12-27 Open Market, Inc. Internet server access control and monitoring systems
US5684951A (en) * 1996-03-20 1997-11-04 Synopsys, Inc. Method and system for user authorization over a multi-user computer system

Family Cites Families (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4135240A (en) * 1973-07-09 1979-01-16 Bell Telephone Laboratories, Incorporated Protection of data file contents
DE2641722C3 (en) * 1976-09-16 1981-10-08 Siemens AG, 1000 Berlin und 8000 München Hierarchically organized storage system for a data processing system with virtual addressing
EP0175398A3 (en) * 1984-08-17 1989-08-30 Koninklijke Philips Electronics N.V. Data processing system comprising a memory access controller which is provided for combining descriptor bits of different descriptors associated with virtual addresses
US4665520A (en) * 1985-02-01 1987-05-12 International Business Machines Corporation Optimistic recovery in a distributed processing system
US5265242A (en) * 1985-08-23 1993-11-23 Hiromichi Fujisawa Document retrieval system for displaying document image data with inputted bibliographic items and character string selected from multiple character candidates
JPS63240657A (en) * 1987-03-28 1988-10-06 Toshiba Corp Memory protecting device
US5321750A (en) * 1989-02-07 1994-06-14 Market Data Corporation Restricted information distribution system apparatus and methods
JP2733110B2 (en) * 1989-09-19 1998-03-30 日本電信電話株式会社 Wireless signal transmission method
US5262942A (en) * 1990-06-05 1993-11-16 Bankers Trust Company Financial transaction network
US5247661A (en) * 1990-09-10 1993-09-21 International Business Machines Corporation Method and apparatus for automated document distribution in a data processing system
US5581749A (en) * 1992-12-21 1996-12-03 Thedow Chemical Company System and method for maintaining codes among distributed databases using a global database
US5408649A (en) * 1993-04-30 1995-04-18 Quotron Systems, Inc. Distributed data access system including a plurality of database access processors with one-for-N redundancy
JPH0721103A (en) * 1993-06-30 1995-01-24 Mitsubishi Electric Corp Data transfer device
DE4341887C2 (en) * 1993-12-08 1996-12-19 Siemens Ag Method for preventing an unauthorized data change in a device with a non-volatile memory
US5491827A (en) * 1994-01-14 1996-02-13 Bull Hn Information Systems Inc. Secure application card for sharing application data and procedures among a plurality of microprocessors
US5410693A (en) * 1994-01-26 1995-04-25 Wall Data Incorporated Method and apparatus for accessing a database
US5493606A (en) * 1994-05-31 1996-02-20 Unisys Corporation Multi-lingual prompt management system for a network applications platform
US5604803A (en) * 1994-06-03 1997-02-18 Sun Microsystems, Inc. Method and apparatus for secure remote authentication in a public network
GB9502182D0 (en) * 1995-02-03 1995-03-22 Plessey Telecomm Telecommunications service interactions
US5838903A (en) * 1995-11-13 1998-11-17 International Business Machines Corporation Configurable password integrity servers for use in a shared resource environment
JP3090021B2 (en) * 1996-02-14 2000-09-18 富士ゼロックス株式会社 Electronic document management device
US5883956A (en) * 1996-03-28 1999-03-16 National Semiconductor Corporation Dynamic configuration of a secure processing unit for operations in various environments
US5802518A (en) * 1996-06-04 1998-09-01 Multex Systems, Inc. Information delivery system and method
US5864871A (en) * 1996-06-04 1999-01-26 Multex Systems Information delivery system and method including on-line entitlements
US5852724A (en) * 1996-06-18 1998-12-22 Veritas Software Corp. System and method for "N" primary servers to fail over to "1" secondary server
US6308200B1 (en) * 1996-07-09 2001-10-23 Fujitsu Limited Method for connecting terminals to a host computer and a host computer therefor
US5884024A (en) * 1996-12-09 1999-03-16 Sun Microsystems, Inc. Secure DHCP server
US6122740A (en) * 1996-12-19 2000-09-19 Intel Corporation Method and apparatus for remote network access logging and reporting
US5933596A (en) * 1997-02-19 1999-08-03 International Business Machines Corporation Multiple server dynamic page link retargeting
US5870562A (en) * 1997-03-24 1999-02-09 Pfn, Inc. Universal domain routing and publication control system
US5945989A (en) * 1997-03-25 1999-08-31 Premiere Communications, Inc. Method and apparatus for adding and altering content on websites
US6145098A (en) * 1997-05-13 2000-11-07 Micron Electronics, Inc. System for displaying system status
US5903881A (en) * 1997-06-05 1999-05-11 Intuit, Inc. Personal online banking with integrated online statement and checkbook user interface
US6067528A (en) * 1997-06-19 2000-05-23 Breed; Craig A. Confidential market making system
US6006331A (en) * 1997-07-29 1999-12-21 Microsoft Corporation Recovery of online sessions for dynamic directory services
US6035404A (en) * 1997-09-09 2000-03-07 International Business Machines Corporation Concurrent user access control in stateless network computing service system
US6061734A (en) * 1997-09-24 2000-05-09 At&T Corp System and method for determining if a message identifier could be equivalent to one of a set of predetermined indentifiers
US6275953B1 (en) * 1997-09-26 2001-08-14 Emc Corporation Recovery from failure of a data processor in a network server
US6145089A (en) * 1997-11-10 2000-11-07 Legato Systems, Inc. Server fail-over system
JP2950307B2 (en) * 1997-11-28 1999-09-20 日本電気株式会社 Personal authentication device and personal authentication method
US6108591A (en) * 1998-01-22 2000-08-22 Qualcomm Incorporated Method and apparatus for validating vehicle operators
US6078960A (en) * 1998-07-03 2000-06-20 Acceleration Software International Corporation Client-side load-balancing in client server network
US6195680B1 (en) * 1998-07-23 2001-02-27 International Business Machines Corporation Client-based dynamic switching of streaming servers for fault-tolerance and load balancing
US6978396B2 (en) * 2002-05-30 2005-12-20 Solid Information Technology Oy Method and system for processing replicated transactions parallel in secondary server

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0008355A1 (en) * 1978-08-25 1980-03-05 Siemens Aktiengesellschaft Device for the protection of data stored in computers against unauthorized access
WO1996042041A2 (en) * 1995-06-07 1996-12-27 Open Market, Inc. Internet server access control and monitoring systems
US5684951A (en) * 1996-03-20 1997-11-04 Synopsys, Inc. Method and system for user authorization over a multi-user computer system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU734015B1 (en) * 2000-02-15 2001-05-31 Molten Markets Pty Ltd User interface system
WO2001061521A1 (en) * 2000-02-15 2001-08-23 Molten Markets Pty Ltd User interface system
GB2377296A (en) * 2000-02-15 2003-01-08 Molten Markets Pty Ltd User interface system
GB2378010A (en) * 2001-07-27 2003-01-29 Hewlett Packard Co Mulit-Domain authorisation and authentication
US7444666B2 (en) 2001-07-27 2008-10-28 Hewlett-Packard Development Company, L.P. Multi-domain authorization and authentication
GB2383438A (en) * 2001-12-20 2003-06-25 Inventec Corp Authorisation method and system for storing and retrieving data
GB2383438B (en) * 2001-12-20 2005-07-20 Inventec Corp Authorization method and system for storing and retrieving data
SG123561A1 (en) * 2002-12-20 2006-07-26 Hewlett Packard Development Co Method and architecture to provide client session failover

Also Published As

Publication number Publication date
US20040003075A1 (en) 2004-01-01
US6535917B1 (en) 2003-03-18
US8195780B2 (en) 2012-06-05
US20030055989A1 (en) 2003-03-20
AU2666699A (en) 1999-08-23

Similar Documents

Publication Publication Date Title
US6535917B1 (en) Market data domain and enterprise system implemented by a master entitlement processor
Fagg et al. Scalable networked information processing environment (SNIPE)
US6687846B1 (en) System and method for error handling and recovery
US6704785B1 (en) Event driven communication system
US7076553B2 (en) Method and apparatus for real-time parallel delivery of segments of a large payload file
US5956489A (en) Transaction replication system and method for supporting replicated transaction-based services
EP1410197B1 (en) Scaleable message system
US7861111B2 (en) Shared data center disaster recovery systems and methods
US7069295B2 (en) Peer-to-peer enterprise storage
US7243103B2 (en) Peer to peer enterprise storage system with lexical recovery sub-system
EP1269714B1 (en) Method and device for distributed caching
US10922303B1 (en) Early detection of corrupt data partition exports
US20030069903A1 (en) Database migration
US20110010338A1 (en) Distributed Database System
KR20010085904A (en) Fault tolerant bus for clustered system
US6119173A (en) System and method for communications and process management in a distributed telecommunications switch
US10952222B1 (en) Isolated and flexible network data transmission between computing infrastructure collections
US5996017A (en) Method for information exchange in the customer/server mode between stations connected by a communication network
US6519610B1 (en) Distributed reference links for a distributed directory server system
Chen et al. Designing mobile computing systems using distributed objects
KR0175456B1 (en) Distributed Object Access Information Management System and Its Decentralization Method
US11809735B1 (en) Snapshot management for cloud provider network extensions
JP2924779B2 (en) Data hierarchy distribution processing method
Bowen et al. Towards continuous availability of Internet services through availability domains
CN110611594A (en) Method and device for multiple access and fault switching of main node of privileged system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: KR

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase